package com.cyt.base.filter;

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Xss过滤对象
 *
 * @author shengQiang yu
 * @date 2019-04-18 10:37
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper{

    public XssHttpServletRequestWrapper(HttpServletRequest request){
        super(request);
    }


    @Override
    public String[] getParameterValues(String name){
        String[] values = super.getParameterValues(name);
        if (values != null)
        {
            int length = values.length;
            String[] escapseValues = new String[length];
            for (int i = 0; i < length; i++){
                String xssCode="cyt_fwb_2019";//xss有效码格式cyt_fwb_4为数
                String bodyHtml=values[i];
                if(!(bodyHtml.contains(xssCode))){
                    // 防xss攻击和过滤前后空格
                    escapseValues[i] = Jsoup.clean(values[i], Whitelist.relaxed()).trim();
                }else{
                    escapseValues[i] =bodyHtml;
                }
            }
            return escapseValues;
        }
        return super.getParameterValues(name);
    }
}